Ransomware – Steps To Protect Your Business

Steps to protect your business

Prevention is better than cure, so it is good practise to implement a security framework appropriate for your business. However, you must also be prepared to deal with situations that compromise your systems by creating a cyber-response plan.

Some simple steps taken now can help protect you and your business from attacks by ransomware and other malware. As a bare minimum you should instigate the following:

Enabling system and data recovery

• Back up your critical systems. The servers you rely on for your major business systems and applications may need to be recovered following a ransomware infection. The quickest (and sometimes only) way to do this is to restore from a backup or ‘master’ image of the server. Be sure to include all the system files (operating system, configuration, etc) in this type of backup and test the re-creation of the servers. Dealing with a crisis is not the time to discover your backups are corrupted. Check their integrity on a regular basis by running test restores.
• Back up your business and customer data at least daily. This way if your data is lost or stolen, you can recover it quickly. Data can be backed up on an external hard drive or on a cloud-based storage service. Just like your system backups remember to test restores from the data backups regularly to see whether they are effective. Reach out to the owners of the data to help with the testing. Everyone in the organisation has a part to play in the testing of data recovery.
• Develop a cyber-incident response plan. No matter how well you prepared and how good your security is, things can still slip through the cracks. Have a plan that will help you take control of the situation if the worst were to happen. Know who to call and prepare by doing things like making hard copies of all important documentation in case you can’t access your system. Consider developing a Disaster Recovery Plan and Business Continuity Plan to map out how to deal with any situation that interrupts your ability to operate your business.

Addressing vulnerabilities

• Regularly install updates on software and devices. This will prevent attackers from exploiting vulnerabilities which they could use to attack your systems. Larger technology environments will have a specialist IT team taking care of this. If you don’t have your own team, engage with a technology partner to make sure this is done. Reach out to the owners of the systems to help with the testing – everyone in the organisation has a part to play in the deployment and testing of updates.
• Subscribe to information feeds. Having knowledge of recent malware incidents will alert you to the need to take further measures. You should also subscribe to information forums and user groups for your major applications and systems, to be aware of upcoming enhancement and updates.

Deploying Preventive Security Measures

• Change passwords now and regularly and use ‘strong’ passwords. This will reduce the risk that your credentials are used by attackers to access your systems and data. Strong passwords, containing values from multiple character sets (uppercase, lowercase, numbers, special characters) are much more difficult to break. Consider using a password manager if you have many systems that you access.
• Implement multi-factor authentication. Multi-factor authentication is used in addition to a password and adds another layer of security to logins. Usually this involves a code that is sent to your phone or an authentication app to verify your identity.
• Be aware of phishing campaigns. Phishing is a common way that computers and systems are infected. Learn how to spot suspicious emails, websites or links that could be hosting malicious software. Everybody in the organisation needs to be aware of the risks and what to do if they receive suspicious email or are directed to dubious websites.
• Talk to your IT team or service provider about setting up logs. Logs on systems and devices record when particular actions are taken on your website and systems. These allow for notification of any unusual or unexpected activity.